Please download this file: Nailfix Utility

Save it to your desktop. DO NOT run it yet.

To reboot into SafeMode with Windows XP, you can follow these steps from Microsoft:

Next, please reboot your computer in SafeMode by doing the following:

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, press F8.

Instead of Windows loading as normal, a menu should appear

Select the first option, to run Windows in Safe Mode.

Once in Safe Mode, please double-click on nailfix.exe. Click "Next" in the setup, then make sure "Run Nailfix" is checked and click "Finish". Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Now open ewido and do a scan of your system.

Click on scanner

Click on Complete System Scan and the scan will begin.

NOTE: During some scans with ewido it is finding cases of false positives.**

You will need to step through the process of cleaning files one-by-one.

If ewido detects a file you KNOW to be legitimate, select none as the action.

DO NOT select "Perform action on all infections"

If you are unsure of any entry found select none for now as the action.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report

Click Save report.

Save the report .txt file to your desktop or a location where you can find it easily.

**(Ewido for example has been flagging parts of AVG Anti-Virus, pcAnywhere and the game "Risk")

Close all open windows except for HJT, then click the Fix Checked button. Close HJT.

NOTE: The 04 entry may have changed names if you have rebooted since posting the log; look for an entry with a similar format, that will always in in a single letter r.

Locate and delete the following File in BOLD:

c:\windows\system32\rbjbqpc.exe (or whatever the name may have changed to, as noted above).

C:\WINDOWS\dsr.dll

C:\WINDOWS\dinst.exe

C:\WINDOWS\svcproc.exe

Now run CCleaner.

Uncheck "Cookies" under "Internet Explorer".

If running Firefox: click on the "Applications" tab and uncheck "Cookies" under "Firefox".

Click on Run Cleaner in the lower right-hand corner. This can take quite a while to run.

Finally, restart your computer in normal mode and please post a new HijackThis log, as well as the report log from the Ewido scan, by using Add Reply.

greyknight17

Posted 26 July 2005 - 08:36 PM

Your log is clean.

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer and uncheck the same box to enable System Restore.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided.

turnip

Posted 27 July 2005 - 02:53 AM

I had actually followed most of the steps (a couple of times!) before posting my plea for help here, but you helped me find the little bits that I had missed on previous attempts. Thanks again.

I'm pretty sure my computer was infected after following a link to a site (about dog behavior) from google. The link instead took me to a pet store type site and MS Antispy immediately began popping up multiple warnings about BHO's trying to be installed. I was rapidly clicking "block" on the many popups but may have clicked "allow" on one by mistake.